System and method for controlling and monitoring access to data processing applications

ABSTRACT

A system and method for auditing data. A first request, the request including at least one data item and generated at a client may be received. The at least one data item may be processed to produce at least one processed data item. A second request may be generated based on the first request and on the processed data items. The second request may be forwarded to a server.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims benefit of US Provisional Patent Application No.61/347,230, filed May 21, 2010, which is incorporated in its entiretyherein by reference.

BACKGROUND OF THE INVENTION

In today's knowledge-based economy, an organization's data is one of itsmore important assets, and many organizations seek to protect, track,monitor and audit access to their data. Many data-processingapplications accordingly offer a set of data tracking capabilities, suchas maintaining change history for data records. Change history typicallyincludes the time, responsible user, and a set of data values for everychange. Another type of data control is called access control, in whichusers are allowed or denied read or write access to certain records orrecord sets.

Modern organizations use multiple data-processing applications, eachsuch application managing a subset of an organization's data. Sometimessuch applications offer a set of data management controls, where thesedata controls usually differ in their interface but generally providesimilar functionalities that may be related to similar data managementcontrols or aspects. Moreover, many data processing applications use auser management system in order to supply data access controls toorganizations. These user management systems are also different in theirinterface but provide fundamentally similar functions. Accordingly, anorganization may be forced to manage a (possibly large number) ofapplications in order to enforce data access or management control.

SUMMARY OF EMBODIMENTS OF THE INVENTION

Embodiments of the invention may enable auditing and/or controlling datatransactions and/or operations related to data. For example, anembodiment of the invention may audit and/or control operations or datatransactions related to writing or modifying data stored in arepository, or read data requests. Operations related to data may berecorded and/or reported. Information in a data transaction, request ora data communication may be modified, and modified information may bestored in a repository. Control information may be added to a modifiedor processed data transaction or request. A mediator may accept a firstrequest from client and generate a processed request. A mediator mayprocess at least one data item in the first request to produce at leastone processed data item, generate a second request based on the firstrequest and on the processed data item and forward the second request toa server, database, application or repository. The mediator may includeparameters or information such as control information, one or moreidentifiers in a processed request. Information in a request may beencoded, transformed, encrypted or otherwise manipulated to generate aprocessed request. A mediator may decode, decrypt or otherwise process adata communication including a processed data item to produce anunprocessed data item.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention are illustrated by way of example and notlimitation in the figures of the accompanying drawings, in which likereference numerals indicate corresponding, analogous or similarelements, and in which:

FIG. 1 shows a schematic block diagram of a system and data flowaccording to embodiments of the invention;

FIG. 2 is a graphical illustration of a method of processing atransaction according to embodiments of the invention; and

FIG. 3 shows components and related operations according to embodimentsof the invention.

It will be appreciated that for simplicity and clarity of illustration,elements shown in the figures have not necessarily been drawn accuratelyor to scale. For example, the dimensions of some of the elements may beexaggerated relative to other elements for clarity, or several physicalcomponents may be included in one functional block or element. Further,where considered appropriate, reference numerals may be repeated amongthe figures to indicate corresponding or analogous elements.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

In the following detailed description, numerous specific details are setforth in order to provide a thorough understanding of the invention.However, it will be understood by those skilled in the art that thepresent invention may be practiced without these specific details. Inother instances, well-known methods, procedures, and components,modules, units and/or circuits have not been described in detail so asnot to obscure the invention. Some features or elements described withrespect to one embodiment may be combined with features or elementsdescribed with respect to other embodiments. For the sake of clarity,discussion of same or similar features or elements may not be repeated.

Although embodiments of the invention are not limited in this regard,discussions utilizing terms such as, for example, “processing,”“computing,” “calculating,” “determining,” “establishing”, “analyzing”,“checking”, or the like, may refer to operation(s) and/or process(es) ofa computer, a computing platform, a computing system, or otherelectronic computing device, that manipulates and/or transforms datarepresented as physical (e.g., electronic) quantities within thecomputer's registers and/or memories into other data similarlyrepresented as physical quantities within the computer's registersand/or memories or other information non-transitory storage medium thatmay store instructions to perform operations and/or processes.

Embodiments of the invention may include an article such as a computeror processor readable non-transitory storage medium, such as for examplea memory, a disk drive, or a USB flash memory encoding, including orstoring instructions, e.g., computer-executable instructions, which whenexecuted by a processor or controller, cause the processor or controllerto carry out methods disclosed herein. For example, a mediator orcomponents of a mediator may be such article.

Although embodiments of the invention are not limited in this regard,the terms “plurality” and “a plurality” as used herein may include, forexample, “multiple” or “two or more”. The terms “plurality” or “aplurality” may be used throughout the specification to describe two ormore components, devices, elements, units, parameters, or the like.Unless explicitly stated, the method embodiments described herein arenot constrained to a particular order or sequence. Additionally, some ofthe described method embodiments or elements thereof can occur or beperformed simultaneously, at the same point in time, or concurrently.

Embodiments of the invention may be or may include a unified andcoherent system and method for protecting access to data, managingusers, enforcing organization policies and monitoring access to data. Asystem may mediate communication of any data, information or parametersbetween users and data processing applications, providing controlled andmonitored data processing operations, transactions and/or sessions. Asystem according to the invention may provide a uniform method to manageusers, define and enforce or apply data access policies and auditoperations related to data, e.g., read and write operations ortransactions.

Embodiments of the invention may include a client, a server, a mediatorand a retrieval module. A mediator and a retrieval module may be devicesincluding a controller, a non-transitory memory and/or a storage. Insome embodiments a mediator and/or a retrieval module may be or mayinclude a software module. In other embodiments, a mediator and/or aretrieval module may be or may include specific or dedicated hardware,software, firmware or any combination thereof. For example, a mediatorand/or a retrieval module may be a chip (e.g., installed on a card orboard that may be installed in a computing device) including memory,controller and a set of peripheral components.

A server may manage and store data of one or more users. A client maymake data processing requests to the server. A mediator may be adaptedto intercept, receiving or otherwise obtain requests from the client,process the requests, possibly modify them to produce processedrequests, and forward the processed requests to the server. The mediatormay receive responses from the server, process them, possibly modifythem to produce processed responses, and forward the processed responsesto the client. A mediator may generate and/or produce events, reports orother information related to operations related to data (e.g., dataaccess operations). A storage system may store events, reports or otherinformation produced by a mediator. A retrieval module may access astorage system, retrieve events, reports or other information, analyzeretrieved data, and provide reports, e.g., to a user. When a mediatorprocesses data to be received by a client, it may be referred to as areverse mediator.

A client may be a user, e.g., an employee in an organization, or it maybe a module or unit, e.g., a computer agent acting on behalf of a human,an agent may be directly controlled, e.g., by a user or it mayautomatically or independently perform data related operations. Forexample, a client may be a backup application that writes informationto, or modifies information on a backup server. A mediator may be one ormore network nodes that may be located between a client and a datamanagement application. A mediator may be a module located at the dataprocessing application, or a module located at the client. A mediatormay include two or more portions, components or units that may begeographically or otherwise separated. For example, a first portion of amediator may be adapted to receive requests or other communications froma client and a second portion of a mediator may be adapted to receiveresponses or other communications from the server.

FIG. 1 shows a schematic block diagram of a system and related dataflows according to embodiments of the invention. As shown, a system mayinclude a client that may be a user terminal 101. client 101 may issue arequest to data management application 105. A system may include amediator 103 to obtain a communication from client 101. Mediator 103 mayobtain data communicated from user terminal 101 to data managementapplication 105, process obtained data to produce modified data ortransaction and forward the modified data to data management application105.

A system may include a data management application 112 (that may be thesame as data management application 112 or another application) tocommunicate data (e.g., a response retrieved from database 120) to aclient, e.g., user terminal 116 that may be user terminal 101 or may bea different user and/or device. As shown, auditing mediator 103 mayprocess requests or user data 102 received from a client or userterminal 101 to provide processed requests 104, and may forward theprocessed requests 104 to data management application 105. Auditingmediator 114 may process responses 113 received from a server orapplication, produce processed responses 115, and may forward theprocessed responses 115 to a client. Parties to a transaction, e.g.,clients, servers and/or applications may not be aware of the presence ofthe mediator. For example, user terminals 101 and 116 may interact withdata management applications 105 and 112 as if mediators 103 and 114 arenot involved in the interaction.

Although for the sake of simplicity and clarity, requests and responsesare mainly discussed herein, it will be understood that embodiments ofthe invention are not limited to requests and responses. Anycommunication of any information, data or parameters between a clientand an application or server may be applicable. For example, anyinformation, data or parameters sent from a client to an application orserver may be intercepted or otherwise obtained by a mediator,encrypted, transformed, converted or otherwise processed, and theencrypted or otherwise processed information may be forwarded to theserver or application, e.g., instead of the original data sent from theclient. Similarly, any information, data or parameters sent from aserver or application to a client may be obtained, transformed,converted decrypted or otherwise processed and the decrypted orotherwise processed information may be forwarded to the client.

A mediator (e.g., auditing mediator 104) may control communication. Forexample, a mediator may block a transaction or prevent an operation. Forexample, mediator 103 may prevent a data write request from beingexecuted, e.g., by not forwarding the request to management application105 and possibly provide an indication of a prevention of an operation,e.g., to the client issuing the request and/or an administrator.Similarly, a transaction from application 112 to terminal 116 may beblocked by mediator 114.

A request, response, transaction or data communication may contain oneor more data items. Processing a transaction, e.g., processing a requestor a response by a mediator may include processing the data items.Processing a transaction may be based on content included in thetransaction, e.g., in included data items. In case a request is receivedfrom a client at a mediator is a data write request containing one ormore data items, the mediator may process these data jointly orseparately, and may provide processed data items to be included in theprocessed request. Processing of the data items may include includingcontrol information in the processed data items, and may include issuinga data access event specifying details of the request and/or containeddata items.

In case a response (destined to a client) is received from a server at amediator where the response may contain one or more data items, themediator may process the request by at least one of (a) detecting dataitems containing control information in the response, (b) processingdata items containing control information to provide processed dataitems, (c) issuing a data access event or indication specifying detailsof the response and/or contained data items (d) preventing a user fromaccessing at least a portion of the data contained in the response and(e) providing a modified response to the client and possibly indicatingthis forbidding.

A mediator may mediate session parameters including authenticationparameters between a client and a server or application, e.g., usernames, passwords and session identifiers. Mediating session parametersmay enable a mediator to protect access to server or application data,enforce access to a server or application only through the mediator, andmaintain mediator-related context information such as an identity of theuser in the mediator. Mediating session parameters may be performed byencrypting, with a key private to the mediator, user names and passwordssent to a server or application, and session identifiers sent to theclient. Control information included in a first transaction may be usedin a subsequent or related transaction. For example, control informationincluded in data when processing a data write or store request may beused when the data is received as part of a response, e.g., a responseto a data read request.

Control information may be included in a processed transaction and maybe used by a mediator when processing data items when these data itemsappear in responses generated by, or received from a server orapplication. Control information may include one or more controlinformation items. For example, control information may include one ormore of (1) identification of the user related to the data writerequest, (2) a time and date when the write request is made, (3) anidentity of a record being written, (4) an identity of a related recordin a mediator, (5) a type of the data record being written, (6) a typeof data item being written, (7) an identity of the actual mediatorprocessing the request, (8) an identity of the specific part of themediator processing the request, such as the network address of anetwork node in a mediator comprising of a multitude of network nodes,(9) a unique indicator identifying the transaction and the data itemcollectively, (10) information indicating which and how other controlinformation items are included in the request, (11) an instruction toexecute an action when reading a record, may be referred to herein asread-time instruction, (12) any other information derived from therequest being made and/or the context of the processing of the request.In some embodiments, control information may be inserted into atransaction originating at a client and destined to a server orapplication and may be removed from a transaction originating at aserver or application and destined to client.

Control information may be appended, prepended, interleaved or otherwiseincorporated into a record data item holding textual data. Controlinformation may be marked by using a statistically rare feature oridentifier, such as a rare character, to indicate its presence and tomake detection of record identifiers in a body of text efficient.Control information may use a certain character set to encode itscontrol information items, such as Base-64 encoding. Control informationmay be encrypted using a private key or using a pair of private andpublic keys, in order to prevent unauthorized bodies from generatingfake control information and/or from directly examining controlinformation. Control information may be truncated to the maximum lengthof a textual field, if known, if a processed data item holding thecontrol information and the original data exceeds such a known maximumlength, such that a server does not reject the data item. A data item ina transaction may be encrypted, and the control information may beincluded in a processed encrypted data items. Such encryption may alsopreserve one or more server-side functionalities such as searching,case-insensitive searching, sorting, etc.

Reference is made to FIG. 2 that shows a graphical illustration of amethod of processing a transaction according to embodiments of theinvention. In particular, FIG. 2 illustrates how control information maybe generated and incorporated in a transaction. As shown, controlinformation may generated by appending one or more textual characters toa user data item 201, with a rare character sequence “###” indicatingthe presence of the control information and making its detection in abody of text efficient. The textual characters may encode one or morecontrol information items.

As shown, user data 202 may be included in the modified user data thatmay be a processed transaction forwarded to a server of application. Asfurther shown, a record identification 203 and record type 204 may beincluded a control information object. As further shown, a useridentification parameter may be incorporated into a control informationobject. As further shown, a mediator record identification 402, amediator identification 403, a unique identification parameter 404 and alocal time parameter 405 may all be used to generate a controlinformation object. A control information object or record may beencrypted and a predefined string or other parameter (e.g., “###” asshown) may be appended to the encoded control information object, e.g.,in order to enable locating the control information object.

As shown, user data 202 may be included in the modified user data thatmay be a processed transaction forwarded to a server or application. Asfurther shown, a record identification 203 and a record type 204 may beincluded in a control information object. As further shown, a useridentification parameter may be incorporated into a control informationobject. As further shown, a mediator record identification 402, amediator identification 403, a unique identification parameter 404 and alocal time parameter 405 may all be used to generate a controlinformation object. A control information object or record may beencrypted and a predefined string or other parameter (e.g., “###” asshown) may be appended to the encoded control information object, e.g.,in order to enable locating the control information object.

A mediator may correlate data events related to a certain record in adata processing application. Data events may be new record insertionevents, existing record update events and record or record data itemretrieval events. Since record data items, also referred to herein asrecord fields, may be retrieved jointly (e.g., when retrieving a certainrecord) or separately (e.g., when viewing a report), a mediator may addcontrol information to any individual record field when possible.

In order to correlate record events related to a record through therecord's lifetime, the mediator may rely on the record identifier in theserver. The record identifier by itself may not be sufficient touniquely identify a record, since a server may have multiple recordidentifiers of records of different types. For example, in a supplysystem, record identifier 003 may identify the customer record number003, and also the shipment record number 003. Thus, the system may useboth the type of a record and a record identifier in order to uniquelyidentify a record, and may include both of them in the controlinformation.

A mediator may also generate its own (possibly temporary) recordidentifiers and include such temporary record identifier in the controlinformation. Temporary record identifiers may change every time therecord is saved. When generating a record identifier, an event may beissued to signal and record the generation of the temporary identifier.When a response is received from a server or application, containingboth the temporary identifier and the record identifier in the server,the two identifiers may be correlated and be considered by a mediator toidentify the same record.

Temporary record identifiers may be used to correlate a newly createdrecord, having no identifier in the server at the time of creation, to aretrieved record detected in responses generated by the server. When aresponse from a server includes both the temporary record identifier andthe record identifier in the server, an event may be issued relating orassociating the two identifiers and this event may be used to relate allaccesses to both record's identifiers.

A mediator may be configured to allow (or enable) or disallow (orprevent) certain users from retrieving or manipulating certain records.Information or parameters such as individual record identifiers, certainuser identities, the identity of the user who inserted or updated thedata, the type of record may be used by a mediator in order to determinewhether an operation (e.g., an access to data on a server) is to beenabled or prevented. Controlling operations related to data in a serveror application may be based on any parameter that may be included in thecontrol information, or on any combination of parameters describedherein, e.g., in order to determine whether the retrieve request isallowed or not. When the control information in a record includesinformation usable in determining a permission (e.g., whether to permitor prevent a transaction), the mediator may simply check the recordinformation against the context of a request, determine whether the usermay receive the related data or not, and act according to an actionconfigured for such cases.

For example, if user A is not allowed to retrieve records entered byuser B, and the control information includes identification of user B asthe originator of the data, then a request made by user A may bedisallowed to complete without change if the response contains recordfields entered by user B. A mediator may process a transaction (e.g., aresponse) according to permissions that may be determined based oninformation in control information. For example, a mediator may replacethe record fields with empty values, with a value indicating forbiddenaccess, or may generate a response indicating that access to some or allrecord fields is disallowed.

Reference is made to FIG. 3 that shows components and related operationsaccording to embodiments of the invention. FIG. 3 illustrates how, in anembodiment of the present invention, tracking read access to data isperformed. As shown by 330, determining access rights to data mayinclude detecting control information in user data, e.g., by detecting apredefined string or set of symbols inserted as described herein. Asshown by 340, control information may be decoded, for example and asshown, a user identification parameter (user ID) and a unique recordidentification (unique record ID) may be extracted from the controlinformation. Based on the decoded control information and the useridentity, the mediator may grant or deny the user of access to the data,followed by issuing a data read event that may be stored, as shown, inan auditing database 310.

A mediator may be configured to allow or disallow certain users frommaking write requests including inserting, updating or deleting records.The mediator may use the context in which such a write requests aremade, including the user identity or identities and the server orapplication being accessed, and may also use the details of the specificrequest, such as the record identifier and the original author of therecord, in order to determine whether a write request is to be allowedor blocked. The mediator may further use information gathered inpreviously processed requests and responses in order to make thisdetermination.

For example, a mediator may hold a mapping of known record identifiersin the server to record information such as the original author of therecord, the type of the record, the time of writing, or a combinationthereof. When a mediator receives a write request to a record identifiedusing a record identifier, the mediator may consult this mapping toobtain the identity of the record's original author, and may determinewhether to permit or prevent the operation based on the identity of theoriginal author, information identifying the user attempting to performthe operation, information related to the data being accessed or anyparameter that may be obtained by a mediator as described herein.

A retrieval module may receive or gather events generated by a mediatorto provide various kinds of reports on the data access. Such reports mayinclude (a) record write history, detailing the users, times, andsuccess indication of write requests to the record, (b) record readhistory, detailing the users, times and success indication of readrequests to the record, (c) a user activity report, detailing read andwrite requests to certain records made, (d) an author user's dataactivity report, detailing users, times, and success indication of readand/or write access to an author user's data, (e) reports identifyingunordinary behavior and access patterns to data, (f) any other reportgenerating by gathering and analyzing events issued by the mediator.

Embodiments of the invention, e.g., a mediator as described herein, mayinclude an article such as a computer or processor non-transitoryreadable medium, or a computer or processor non-transitory storagemedium, such as for example a memory, a disk drive, or a USB flashmemory, encoding, including or storing instructions, e.g.,computer-executable instructions, which, when executed by a processor orcontroller, carry out methods disclosed herein. Some embodiments, e.g.,a mediator as described herein, may be provided in a computer programproduct that may include a non-transitory machine-readable medium,stored thereon instructions, which may be used to program a computer, orother programmable devices, to perform methods as disclosed herein.

The storage medium may include, but is not limited to, any type of diskincluding optical disks, rewritable compact disk (CD-RWs) and the like.The storage medium may include semiconductor devices such as read-onlymemories (ROMs), random access memories (RAMs), such as a dynamic RAM(DRAM), flash memories or any type of media suitable for storingelectronic instructions, including programmable storage devices. Asystem according to embodiments of the invention may include componentssuch as, but not limited to, a plurality of central processing units(CPU) or any other suitable multi-purpose or specific processors orcontrollers, a plurality of input units, a plurality of output units, aplurality of memory units, and a plurality of storage units. A systemmay additionally include other suitable hardware components and/orsoftware components. In some embodiments, a system may include or maybe, for example, a personal computer, a workstation, a server computer,a network device or any other suitable computing device.

While certain features of the invention have been illustrated anddescribed herein, many modifications, substitutions, changes, andequivalents may occur to those skilled in the art. It is, therefore, tobe understood that the appended claims are intended to cover all suchmodifications and changes as fall within the true spirit of theinvention.

What is claimed is:
 1. A system for auditing data, the systemcomprising: a mediator system in communication with a client and anetwork resource, the mediator system comprising a non-transitorycomputer readable medium including instructions that, when executed by afirst processor, cause the processor to perform operations comprising:identifying an original communication generated at said client, saidoriginal communication including at least one data item including clientdata; processing said at least one data item to produce at least onefirst processed data item including control information identifying arecord associated with the client data, wherein the record is stored onthe network resource; generating a modified communication comprising theclient data from the original communication and the at least one firstprocessed data item to allow auditing of the processed data item overtime; and forwarding said modified communication to said networkresource.
 2. The system of claim 1, wherein the instructions cause thefirst processor, when processing said at least one data item, to performat least one of the following: include a time indication in said atleast one first processed data item; include an originator clientidentity in said at least one first processed data item; or include atleast one read-time instruction in said at least one first processeddata item.
 3. The system of claim 1, wherein the instructions cause thefirst processor, when processing said at least one data item, to encryptsaid at least one data item to provide at least one encrypted data item,and encoding said at least one encrypted data item using a textualencoding scheme.
 4. The system of claim 1, wherein the instructionscause the first processor, when processing said at least one data item,to include a statistically rare identifier in said at least one firstprocessed data item.
 5. The system of claim 1, wherein the instructionscause the first processor, when processing said at least one data item,to truncate said at least one first processed data item to a maximaldata item length.
 6. The system of claim 1, further including a reversemediator system, said reverse mediator system comprising a secondprocessor and a memory, the second processor configured to: accept aresponse communication generated at said network resource, said responsecommunication including at least one second processed data itemcomprising user data and control information identifying a recordassociated with the client data; process said at least one secondprocessed data item to provide at least one unprocessed data item havingthe control information removed; and generate a modified responsecommunication based on said response communication and on saidunprocessed data item.
 7. The system of claim 6, wherein the secondprocessor, when processing said at least one second processed data item,is configured to generate and provide event information.
 8. The systemof claim 7, wherein said event information includes at least one of: anoriginating user identity, a reading user identify, a time of reading ofa data item, a time of writing of a data item, and a read-timeinstruction.
 9. The system of claim 6, wherein processing said at leastone second processed data item, comprises associating a recordidentifier included in said at least one second processed data item witha record identifier included in said response communication and storinga parameter related to the associating in a storage system.
 10. Thesystem of claim 6, wherein the second processor is configured to preventan access to the at least one unprocessed data item based on processingthe at least one second processed data item.
 11. The system of claim 1,wherein processing said at least one data item further comprisesderiving auditing information.
 12. The system for auditing data of claim1, wherein the operations further comprise: controlling access to the atleast one first processed data item based on the control information.13. A method of auditing data, the method comprising: identifying anoriginal communication by a client, said original communicationincluding at least one data item including client data; processing saidat least one data item to produce at least one first processed data itemincluding control information identifying a record associated with theclient data, wherein the record is stored on a network resource; andgenerating a modified communication comprising the client data from theoriginal communication and the at least one first processed data item toallow auditing of the processed data item over time; and forwarding saidmodified communication to the network resource.
 14. The method of claim13, wherein processing at least one data item to provide at least onefirst processed data item includes at least one of: including a timeindication in said at least one first processed data item; including anoriginator client identity in said at least one first processed dataitem; or including at least one read-time instruction in said at leastone first processed data item.
 15. The method of claim 13, whereinprocessing at least one data item to provide at least one firstprocessed data item includes encrypting said at least one data item toprovide at least one encrypted data item, and encoding said at least oneencrypted data item using a textual encoding scheme.
 16. The method ofclaim 13, wherein processing at least one data item to provide at leastone first processed data item includes including a statistically rareidentifier in said at least one first processed data item.
 17. Themethod of claim 13, wherein processing at least one data item to provideat least one first processed data item includes truncating processeddata items to a maximal data item length.
 18. The method of claim 13,further comprising: accepting a response communication generated at saidnetwork resource, said response communication including at least onesecond processed data item comprising client data and controlinformation identifying a record associated with the client data;processing said at least one second processed data item to provide atleast one unprocessed data item having the control information removed;generating a modified response communication based on said responsecommunication and on said unprocessed data item.
 19. The method of claim18, wherein processing the at least one second processed data itemincludes generating and providing event information.
 20. The method ofclaim 19, wherein said event information includes at least one of: anoriginating client identity, a reading client identity, a time ofreading of a data item, a time of writing of a data item, and aread-time instruction.
 21. The method of claim 18, wherein processingthe at least one second processed data item includes associating arecord identifier included in said at least one second processed dataitem with a record identifier included in said response communicationand storing a parameter related to the associating in a storage system.22. The method of claim 18, further comprising preventing an access tothe at least one unprocessed data item based on processing the at leastone second processed data item.
 23. The system of claim 1, whereinprocessing said at least one data item further comprises incorporatingthe control information into said at least one data item to produce atleast one first processed data item.
 24. The method for auditing data ofclaim 13, further comprising: controlling access to the at least onefirst processed data item based on the control information.